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Abstract 

Armstrong’s axioms of functional dependency form a well-known log¬ 
ical system that captures properties of functional dependencies between 
sets of database attributes. This article assumes that there are costs asso¬ 
ciated with attributes and proposes an extension of Armstrong’s system 
for reasoning about budget-constrained functional dependencies in such a 
setting. 

The main technical result of this article is the completeness theorem for 
the proposed logical system. Although the proposed axioms are obtained 
by just adding cost subscript to the original Armstrong’s axioms, the 
proof of the completeness for the proposed system is significantly more 
complicated than that for the Armstrong’s system. 


1 Introduction 


In dependency theory, functional dependencies are often used not only as a de¬ 
scription of the data, but also as a semantic constraints for database designs, 

introduced a system of three axioms de- 


Vardi 1985 . Armstrong 1974 


see 

scribing the properties of functional dependencies between sets of attributes in 
a database. The applicability of these axioms goes far beyond the domain of 
databases. They describe the properties of functional dependency between any 
two sets of values. For example, knowing sides a and & of a triangle and the 
angle 7 between them, one can determine the third side c and two other angles 
a and [}. We write this as a, b, 7 > c, a, /3. Yet, knowing two sides of the triangle 
and the angle not between them, one cannot determine the remaining site and 
angles: ->(a, b, a \> c, /3, 7 ). 

The property a, 6,7 [> c, a, (3 is valid when a, b and c are three sides of a 
triangle and a, /3, 7 are the angles opposite to these sides respectively. However, 
it may not be valid under some other interpretation of variables a, b , c, a, /3, and 
7 . For example, it is not valid if a, b and c are three sides of a pentagon and 
a, /?, 7 are the opposite angles. Armstrong’s axioms capture the most general 
properties of functional dependencies that are valid in all settings. These axioms 
are: 


(Al) Reflexivity: A D> B, if B C A, 
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(A2) Augmentation: A\> B —>■ A, C > B,C , 


(A3) Transitivity: A\>B^(B\>C-^A[>C), 


where A, B denotes the union of sets A and B. Armstrong proved the soundness 
and the completeness of this logical system with respect to a database semantics. 
The above axioms became known in database literature as Armstrong’s axioms, 

p. 81]. Beeri, Fagin, and Howard Beeri et al. 


see 


Garcia-Molina et al. 2009 


1977 


suggested a variation of Armstrong’s axioms that describes properties 

[2007 


of multi-valued dependency. Vaananen 
these principles. Naumov and Nicholls 


proposed a first order version of 
2014 developed a similar set of axioms 


for what they called the rationally functional dependency. 

There have been two different approaches to extending Armstrong’s axioms 
to handle approximate reasoning. Belohlavek and Vychodil 2006 described a 


complete logical system that formally captures the relation that approximate 
values of attributes in set A functionally determine approximate values of at¬ 


tributes in set B. In his upcoming work, Vaananen 2014 considered the relation 


attributes in set A determine attributes in set B with exception of p fraction of 
cases. We denote this relation by A [> p B. For example, A > 0.05 B means that 
attributes in set A determine attributes in set B in all but 5% of the cases. 


Vaananen 2014 proposed a complete axiomatic system for this relation, which 


is based on the following principles: 


1. Reflexivity: A [>o B , where B C A, 

2. Totality: A\>iB , 

3. Weakening: A t> p C, D —► A, B > p C, 

4. Augmentation: A \> p B —> A, C t> p B, C, 

5. Transitivity: A B —> (B \> q C —»• A t> p + q C), where p + q < 1, 

6 . Monotonicity: A B — >• A \> q B, where p < q. 

Note that Vaananen’s relation A > p B is exactly the original Armstrong’s 
functional dependency relation when p = 0. In the case of an arbitrary p , 
relation A\> p B could be considered as a “weaker” form of functional dependency, 
which might hold even in the cases where the functional dependency does not 
hold. 

In this article we propose another interpretation of atomic predicate A\> p B, 
that we call the budget-constrained dependency. Just like Vaananen’s approxi¬ 
mate dependency, the budget-constrained dependency is a weaker form of the 
original Armstrong’s functional dependency relation. Intuitively, there is a 
budget-constrained dependency A\> p B when just a few new attributes could be 
added to the set A in such a way that the extended set functionally determines 
the set B. We use parameter p to formally specify what the phrase “a few 
new attributes” means. Namely, we assume that a non-negative cost is assigned 
to each attribute and that A\> p B means that there is a way to add several 
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attributes with a total cost no more than p to set A in such a way that the 
extended set of attributes functionally determines all attributes in set B. In 
this article we introduce a complete logical system for the budget-constrained 
dependency which is based on the following three principles that generalize 
Armstrong’s axioms: 


1. Reflexivity: A B, if B C A, 

2. Augmentation: A\> p B —> A,C \> p B , C, 

3. Transitivity: A\> p B —> (B \> q C —> A \> p + q C). 


We call our framework “the budget-constrained dependency” because its 
most natural application is in the setting where all data is potentially accessible 
to an agent at a cost. In this setting At> p B means that if an agent already knows 
the values of attributes in set A, then she can determine the values of attributes 
in set B at a cost p. One example of such a setting is fees associated with 
information access: criminal background check fees, court records obtaining fees, 
etc. Another example is geological explorations, where learning about deposits 
of mineral resources often requires costly drilling. Although it is convenient to 
think about a budget constraint as a financial one, a budget constraint can also 
refer to a limit on time, space, or some other resource. 

Although Reflexivity (Al), Augmentation (A2), and Transitivity (A3) are 
usually called Armstrong’s “axioms”, technically they can be formalized either 
as inference rules or as axioms. In the former case the language of the system 
consists only of the atomic predicate of the form A l> p B. In the latter case 
the language consists of all Boolean combinations of such predicates and the 
formal logical system also includes propositional tautologies and the Modus 
Ponens inference rule. Armstrong [1974 original paper proves the completeness 
of (Al), (A2), and (A3) as inference rules. However, his proof can be easily 
modified to prove the completeness of the corresponding system of axioms, as 
in Heckle and Naumov [2014 


Belohlavek and Vychodil 


2006 


and Vaananen 2014 also proved the com¬ 
pleteness theorems for logical systems consisting of inference rules. Different 
from their approach, in this article we treat our version of Armstrong’s axioms 
as propositional axioms. Since inference rule 


yd. y>2, ■■■,‘Pn 

could be interpreted as a propositional formula 

<Pi -t (<^2 -t -t ip)---), 

an axiom-based system is syntactically richer than the corresponding rule-based 
system. Thus, the completeness result for an axiom-based system obtained in 
this article is stronger than a potential claim of the completeness result for the 
corresponding rule-based system. 
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The main result of this article is the completeness theorem for our logical 
system. Since the system essentially consists of three Armstrong’s axioms la¬ 
beled with budget constrains, one might expect the proof of the completeness 
to be a straightforward modification of the proof of the completeness for the 
original Armstrong’s system. Surprisingly, the proof of the completeness in our 
case requires a much more sophisticated argument. 

Next, we explain the reason for this unexpected complexity. The complete¬ 
ness theorem states that any unprovable formula is not satisfied in at least one 
model. Thus, to show the completeness we need to be able to construct a model 
(or a “counterexample”) for each unprovable formula. For instance, consider 
the formula a > b —> b \> a in the language without budget constraints. To con¬ 
struct a counterexample for this formula we need to describe a model in which 
attribute a functionally determines attribute b but not vice versa. To describe 
such a model, one can think of attributes a and b as paper folders that are used 
to store copies of certain documents. Specifically, consider a model in which 
folder a always stores a copy of document X and folder b is always kept empty, 
see Figure [T] In this model, based on the content of folder a one can always 
vacuously recover the content of empty folder b. At the same time, based on 
the content of empty folder b one cannot recover the content of folder a. Thus, 
formula a\>b —> bl> a is false in this model. 



Figure 1: Formula a > b is true, but formula b [> a is false. 


To construct a counterexample for formula a [> b V b \> a, one can consider a 
model in which folders a and b containing copies of two different (and unrelated 
to each other) documents X and Y respectively, see Figure [2] 



Figure 2: Formulas a > b and b [> a are both false. 


To construct counterexamples for more complicated formulas, one can con¬ 
sider models with multiple folders containing copies of multiple documents. An 
example of such a model is depicted in Figure [3] In this model a, b > c is true 
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because anyone with access to folders a and b knows the content of folder c. 
The folder/document model informally described here is sufficiently general to 
create a counterexample for each formula unprovable from Armstrong’s axioms. 
In fact, the original Armstrong’s proof of the completeness for his rule-based 
system and the proof of the completeness for the corresponding axiom-based 
system ( |Heckle and Naumov 2014 ) could be viewed as formalizations of this 
folder/document construction. 



Figure 3: Formula a, b > c is true. 


The situation becomes significantly more complicated once the cost of infor¬ 
mation is added to the language. Let us start with a very simple example. If 
we want to construct a counterexample for formula a >4 b , then we can consider 
a model depicted in Figure [4] with two folders: a and 6 , priced at S3 and $5, 
respectively. The first of these folders is always empty and the second contains 
a copy of the document A'. It is clear that in this model anyone who knows 
the content of folder a still needs to spend $5 to learn the content of folder b. 
Thus, budget-constrained dependency a l> p b is not satisfied in this model for 
each p < 5. 




Figure 4: Formula a >4 b is false. 


Let us now consider a more interesting example. Suppose that we want to 
construct a counterexample for formula a >4 b —» 0 >4 b. That is, we want 
to construct a model where anyone who knows the content of folder a can 
reconstruct the content of folder b after spending at most $4. Yet, the same can 
not be done without access to folder a. To construct such a model we use the 
cryptographic tool called one-time encryption pad. Our model consists of three 
folders a, b, and c priced at $3, $5, and $4, respectively, see Figure[5] Let folder 
b contain a copy of a document A, folder c contain encryption an pad P, and 
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folder a contain the encrypted version of the document. In this model, 0 >4 b is 
false because $4 buys either access to the encryption pad in folder c or access to 
the encrypted text in folder a , but not both. However, formula a >4 b is true in 
the same model because anyone who knows encrypted text Encrypt(X,P) can 
spend $4 on pad P, decode message X, and thus, learn the content of folder b. 



Figure 5 : Formula a >4 b -» 0 >4 b is false. 


The one-time pad encryption is known in cryptography as a symmetric-key 
algorithm because the same key (i.e. the one-time pad) could be used to encrypt 
and to decrypt the text. As a result, in the model depicted in Figure [ 5 j not 
only formula a >4 b is true, but formula b >4 a is true as well. 

For the next example, we construct a counterexample for formula 

a >4 b — > (0 >4 b V b >4 a). 

This is an easier task than one might think because one just needs to modify 
the previous model by adding add to the folder a some extra document not 
related to the document X and to raise the price of this folder, see Figure [6] 
This guarantees that the only way to learn all the content of folder a is to buy 
folder a directly. 



Figure 6: Formula a >4 b —> (0 >4 b V b >4 a) is false. 


The situation becomes much more complicated if we want (i) the value of 
attribute a to be recoverable from the value of attribute b and (ii) the value of 
attribute b to be recoverable from the value of attribute a, but at a different 
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price. In other words, we want to construct a counterexample of the following 
formula: 


a >1 b A b >5 a —► (0 >5 a V 0 >1 b V b >4 a). ( 1 ) 

At first glance, this goal could be achieved using the asymmetric key cryptog¬ 
raphy, commonly used in the public-key encryption. For instance, suppose that 
folder a contains a document X and folder b contains the same document en¬ 
crypted with an encryption key fc e , see Figure]?] To obtain the content of folder 
b based on the content of folder a, one only needs to know the encryption key 
k e . To restore the content of folder a based on folder b one needs to know the 
value of the decrypt ior0 key . If the encryption key and the decryption key 
are priced at $1 and $5 respectively, the formula b >4 a is not satisfied from the 
cryptographic point of view. Since folders a and b are priced in this model at 
$100 each, formulas 0 >5 a and 0 >1 b are not satisfied either. Thus, the entire 
formula ([T]) is not satisfied from the cryptographic point of view. 



Figure 7 : Formula a >1 b A b >5 a —> (0 >5 a V 0 >1 b V b >4 a) is false. 


Note, however, that cryptographic asynrmetric-key algorithms are only poly¬ 
nomial time secure and the proof of polynomial time security requires an ap¬ 
propriate computational hardness assumption Katz 2010 Ch. 2]. In other 


words, in public-key cryptography, the encrypted text can be decrypted using 
only the public encryption key if one has exponential time for the decryption. 
Neither Armstrong 1974 definition of functional dependency nor our definition 
of budget-constrained functional dependency, given in Definition [ 6 ] below, as¬ 
sumes any upper bound on computability of the functional dependency. From 
our point of view, one would be able to eventually restore the content of folder a 
based on folder b by spending $1 on the content of folder c. Thus, in the above 
setting, without polynomial restriction on computability, not only formula bt> 4 a 
is true, but formula b >1 a is true as well. 

Figure [ 8 ] shows a counterexample for statement ([l]) that does not require 
functional dependency to be polynomial time computable. Assume that folders 
a and b contain copies of unrelated documents X and Y, folder c contains an 


1 In public-key cryptography, an encryption key is known as the public key and a decryption 
key as the private key. We do not use these terms here because in our setting neither of the 
keys is public in the sense that both of them have associated costs. 
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Figure 8: Formula a >1 b A b >5 a —> (0 >5 a V 0 >1 b V b >4 a) is false. 


infinite supply of one-time encryption pads Pi, P 2 , P3,... and folder d contains 
another infinite set of one-time encryption pads Q 1 , Q 2 , Q 3 , • • ■ • First, encrypt 
document Y with one-time pad Pi and place a copy of the resulting cyphertext 
Encrypt(Y, Pi) into folder a. Next, encrypt Encrypt(Y, Pi) with pad Q 2 and 
place a copy of the resulting cyphertext Encrypt^Encryp^Y, Pi), Q 2 ) into folder 
b. Then, encrypt Encrypt(Encrypt(Y , Pi), Q 2 ) with pad P3 and place a copy of 
the resulting cyphertext Encrypt(Encrypt(Encrypt(Y, Pi), Q 2 ), P3) into folder 
a, and so on ad infinitum. Perform similar steps with the document X , as shown 
in Figure [ 8 ] 

To show that the model depicted in Figure[8]is a counterexample for formula 
|l]), we need to prove that both formulas a >1 b and b >5 a are satisfied in this 
model and each of the formulas 0 [> 5 a, 0 >1 b , and £>[>4 a is not satisfied. First, 
notice that formula at>i b is satisfied because folder a contains all documents in 
folder b encrypted with one-time pads Pi, P 2 ,... and that all these pads could 
be acquired for $1 by buying folder c. Second, formula b >5 a is satisfied for 
a similar reason using pads Qi,Q2, ■ • ■ ■ Third, formula 0 >5 a is not satisfied 
because for $5 one can only buy either folder c or folder d , both containing only 
one-time pads. In the absence of folder b , one-time encryption pads can not be 
used to recover document X stored in folder a. Formula 0 >1 b is not satisfied 
for a similar reason. Finally, b >4 a is not satisfied because $4 is not enough to 
buy the content of folder d. This amount of money can only be used to buy 
pads Pi , P 2 ,... in folder c. Knowing the content of folder b and one-time pads 
Pi, P 2 ,..., one can not recover document X contained in folder a. 
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In this article we prove the completeness of our logical system. At the core 
of this proof is a generalized version of the construction presented in Figure [ 8 ] 
The axiomatic system proposed in this article is related to other logic system 
for reasoning about bounded resources. The classical logical system for reason¬ 
ing about resources is the linear logic of Girard 1987 . Alechina and Logan 


2002 presented a family of logical systems for reasoning about beliefs of a per¬ 


fect reasoner that only can derive consequences of her beliefs after some time 
delay. This approach has been further developed into the multi-agent Timed 
Reasoning Logic in Alechina et al. 2004 . Bulling and Farwer 2010 proposed 


Resource-Bounded Tree Logics for reasoning about resource-bounded compu¬ 
tations and obtained preliminary results on the complexity and decidability of 
model checking for these logics. Alechina et al. 2011 incorporated resource re¬ 
quirements into Coalition logic and gave a sound and complete axiomatization of 
the resulting system. Another logical system for reasoning about knowledge un¬ 
der bounded resources was proposed by Jamroga and Tabatabaei 2013 . Their 


article focuses on the expressive power of the language of the system and the 
model checking algorithm. Our previous work Naumov and Tao 2015 intro¬ 
duced a sound and complete modal logic for reasoning about budget-constrained 
knowledge. Unlike our current system all of the above logics do not provide a 
language for expressing functional dependencies. 

This paper is organized as follows. In Section [2] we formally define the lan¬ 
guage of our logical system and its informational semantics. In Section [3] we list 
the axioms of the system that have already been discussed in the introduction. 
In Section [4] we give several examples of formal proofs in our logical system. In 
Section [5] we prove the soundness of our axioms with respect to the informa¬ 
tional semantics. In Section [ 6 ] we introduce an auxiliary hypergraph semantics 
of our logical system and prove the completeness with respect to this seman¬ 
tics. In Section [7] we use the result obtained in the previous section to prove 
the completeness of our logical system with respect to the informational seman¬ 
tics. Section [ 8 ] strengthens the informational completeness results by proving 
the completeness with respect to a more narrow class of finite informational 
models. Section [9] concludes the article. 


2 Syntax and Semantics 

In this section we introduce the language of our system and formally describe its 
intended semantics that we call informational semantics. Later on we introduce 
an auxiliary hypergraph semantics used as a technical tool in the proof of the 
completeness with respect to the original informational semantics. 

Definition 1 For any set A, let language < I>(A) he the minimum set of formulas 
such that 

1. A [> p B £ 4?(A) for all finite sets A,BC-A and all non-negative real 
numbers p, 
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2. if ip £ $(.4), then ~^p £ ^(A), 

3. if tp,i/j £ &(A), then pip £ Q(A). 


Next, we introduce the formal informational semantics of our logical system. 
The only significant difference between our definition and the one used in A rm-[ 
strong 1974 is the costs function 


that assigns a non-negative cost to each 
attribute. Note that we assume that the cost is assigned to an attribute, not to 
its value. For example, if we assign a certain cost to a folder with documents, 
then this cost is uniform and does not depend on the content of the documents 
in this folder. 


Definition 2 An informational model is a tuple (A, {D a } a& ^, || ■ ||,£), where 

1. A is an arbitrary set of “attributes”, 

2. D a is a set representing the domain of attribute a £ A, 

3. || • || is a cost function that maps each attribute a £ A into a non-negative 
real number or infinity + 00 , 

4- 12 C Y\ ae ^D a is the set of “legitimate” vectors of attribute values under 
the constraints imposed by the informational model. 

In the example depicted in Figure [8j folders are attributes and the information 
stored in the documents contained in a folder is a value of such an attribute. 
The set of all possible values of an attribute is its domain. The cost of different 
attributes is specified explicitly in Figure [8j Note that there is a certain depen¬ 
dency between the plaintext, one-time encryption pads, and the cyphertext. In 
other words, not all combinations of values of different attributes are possible. 
The set £ is the set of possible, or “legitimate”, combinations of these values. 

We allow the cost ||a|| of an attribute a to be infinity. Informally, one can 
interpret this as attribute a not being available for purchase at any cost. If all 
attributes are available for sale, then we say that the informational model is 
finite. 

Definition 3 Informational model ( A , {D a } a( z. 4 , || • ||,£) is finite if ||a|| < +00 
for each a £ A. 

Definition 4 For any vector 1 1 = ( fa)aeA € A an U vector £2 = (fa)aeA G £, 
and any set A C A, let I\ =a 1 2 if fa = fa f or each attribute a £ A. 

Definition 5 For each finite set A C A, let ||A|| = IMI- 

The next definition is the key definition of this section. It specifies formal 
semantics of our logical system. Item 1. of this definition provides the exact 
meaning of the budget-constrained functional dependency. 

Definition 6 For each informational model I = (.4, {D a } a6 ^, || • ||, C) and each 
formula tp £ the satisfiability relation 1 1 = <p is defined as follows: 
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1 . I \= A > p B when there is a finite set CCA such that ||C|| < p and for 
each vectors S C, if i\ =a,c £ 2, then l\ =b ^2, 

2 . I\=^if if I ¥ if, 

3. I b if —> x if I V’ or I ^ V’- 

3 Axioms 

For any set of attributes A, our logical system, in addition to propositional 
tautologies in language $(.4) and the Modus Ponens inference rule, contains 
the following axioms: 

1. Reflexivity: A t> p B, where B C A, 

2. Augmentation: A [> p B —)■ A, C [> p B, C, 

3. Transitivity: A B —)■ (B \> q C -A A \> p + q C). 

By A, B we denote the union of sets A and B. We write b if formula ip is 
derivable in our system. Also, we write X b p if formula p is derivable in our 
system extended by the set of additional axioms X. 


4 Examples of Proofs 


We prove the soundness of our logical system in the next section. Here we give 
several examples of formal proofs in this system. We start by showing that the 
Weakening and the Monotonicity axioms from Vaananen 2014 are derivable in 
our system. 


Proposition 1 (Weakening) b A [> p C, D —> A, B [> p C. 
Proof. By the Augmentation axiom, 

b A [> p C, D -)• A, B \> p B, C , D. 

By the Reflexivity axiom, 

b B,C,D[> 0 C. 

By the Transitivity axiom, 


( 2 ) 

( 3 ) 


A, B [> p B, C, D (B, C, D > 0 C ->• A, B \> p C). 
Finally, from <©•© , and 0. by the laws of propositional logic, 

b A o p C, D -» A, B \> p C. 


( 4 ) 
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Proposition 2 (Monotonicity) b A O p B —y A O g B, where p < q. 

Proof. By the Reflexivity axiom, 

b B> q . p B. (5) 

By the Transitivity axiom, 

b A Op B —y (R \>q—p B —y A o g B ). (6) 

Finally, from ([5]) and ([6|, by the laws of propositional logic, 

b A Op B y A o g B. 


As our last example, we prove a generalized version of the Augmentation 
axiom. 

Proposition 3 b A \> p B —>■ (C \> q D —» A, C t> p + q B , D). 

Proof. By the Augmentation axiom, 

b A Op B -y A, C o p B, C (7) 

and 

\-C> q D^yB,C\> q B,D. (8) 

At the same time, by the Transitivity axiom, 

bd,COp 5,C-> (B, C>qB,D A,C O p+g B, D). (9) 

Finally, from Q, ([8]), and Q, by the laws of propositional logic, 


b A Op B 


{C> q D^A,C> p+q B,D). 


5 Soundness 

In this section we prove the soundness of our logical system. 

Theorem 1 If ip € and b ip, then I b w for each informational model 

I = (A,{D a } aeA ,\\.\\,C). 


The soundness of propositional tautologies and the Modus Ponens inference rule 
follows from Definition [6] in the standard way. Below we prove the soundness of 
the remaining axioms as separate lemmas. 
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Lemma 1 For each finite sets A, B C A, if B C A, then 1 1= A > p B. 

Proof. Let (7 = 0 . Thus, ||( 7 || = || 0 || = 0 < p. Consider any two vectors 
£i,£ 2 £ £ such that i\ =a,c £ 2 - It suffices to show that l\ =b £ 2 , which is true 
due to Definition [4] and the assumption B C A. Kl 


Lemma 2 For each finite sets A, B , (7 C A, if I \= A > p B, then I )= A,C > p 
B,C. 

Proof. By Definition [ 6 j assumption 1 1 = Ax> p B implies that there is a set D C A 
such that (i) ||D|| < p and (ii) for each £i, £ 2 € C, if l\ =a,d £2, then i\ =b £2- 
Consider now £^£2 £ £ such that £1 =a,c,d £2- It suffices to show that 
£1 =b,c £2- Note that assumption £1 =a,c,d £2 implies that £1 =a,d £2 and 
£1 =c £2 by Definition | 4 ] Due to condition (ii) above, the former implies that 
£1 =b £2- Finally, statements £1 ~b £2 and £1 =c £2 together imply that 
£1 =b,c £ 2 - Kl 


Lemma 3 For each finite sets A, B,C C A, if I f= A [> p B and I t= B X> q ( 7 , 
then I \= A \> p + q C. 

Proof. By Definition [fij assumption I t= A t> p B implies that there is D\ C A 
such that (i) ||-Di|| < p and (ii) for each £i ,£ 2 £ £, if £1 =a,d 1 £ 2 , then £1 =b £ 2 - 
Similarly, assumption I t= B X> q C implies that there is D 2 C A such that 
(iii) ||D 2 || < q and (iv) for each £i ,£ 2 £ £ 1 if £1 =b,d 2 £ 2 , then i x =c £ 2 - 

Let D = Di,D 2 . By Definition|5] ||D|| < ||Di|| + ||D 2 ||. Taking into account 
statements (i) and (iii) above, we conclude that ||D|| < p + q. Consider any 
two vectors £i ,£ 2 £ £ such that £1 =a,d £ 2 - It suffices to show that £1 =c £ 2 - 
Indeed, by Dcfinition[4j assumption £1 =a,d £2 implies that £1 =a,d 1 £ 2 - Hence, 
£1 =b £2 due to condition (ii). At the same time, assumption =a,d £2 also 
implies that £1 =d 2 £2 by Definition [4j Thus, £1 =b,d 2 £2 by Definition [4j 
Therefore, £1 =c £2 due to condition (iv). Kl 

This concludes the proof of Theorem [l] 

6 Auxiliary Hypergraph Semantics 

The main goal of the rest of the article is to prove the completeness of our 
logical system with respect to the informational semantics. To achieve this goal 
we introduce the hypergraph semantics of our logical system and prove that the 
following statements are equivalent for each p £ <f>(7l): 

1 . ip is provable in our logical system, 

2 . ip is satisfied in any informational model with a set of attributes A, 

3. ip is satisfied in any hypergraph with a set of vertices A. 
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We prove the equivalence of these statements by showing that the first statement 
implies the second, the second implies the third, and the third implies the first. 
Note that we have already proved in Theorem [l] that the first statement implies 
the second one. In the rest of the article we prove that the second statement 
implies the third and that the third implies the first. Together, these results will 
imply the soundness and the completeness of our logical system with respect to 
the informational semantics. 


6.1 Hypergraph Terminology 


Before defining the hypergraph semantics of our logical system, we introduce 
the basic hypergraph terminology used throughout the rest of the article. In 
mathematics, a hypergraph is a generalization of a graph in which edges have 
arbitrary numbers of ends, see Berge 1989 . Our hypergraph semantics is based 


on weighted directed hypergraphs. In such hypergraphs, edges are directed in 
the sense that they have multiple tails and multiple heads. For any given edge 
e, we denote these sets by m(e) and out(e). The edges are weighted in the sense 
that there is a non-negative value assigned to each edge. 


Definition 7 A weighted directed hypergraph, or just a “hypergraph ”, is a tuple 
( V,E , in, out, w), where 

1. V is an arbitrary finite set of “vertices”, 

2. E is an arbitrary (possibly infinite) set of “edges”, disjoint with set V, 

3. in is a function that maps each edge e £ E into set in(e) C V, 

4- out is a function that maps each edge e £ E into set out(e) C V, 

5. w is a function that maps each edge e £ E into a non-negative real number 
w(e). 

Definition 8 For any hypergraph ( V, E, in, out, w) and any set F C E, let 

w(F) = E eGF W ( e )' 

Next, we define the closure A* F of a set of vertices A with respect to a set 
of edges F of a hypergraph. Informally, the closure A* F is a set of all vertices 
that are reachable from a vertex in set A following the directed edges in set F. 
In order to follow a directed edge e £ F, one needs to be able to first reach all 
vertices in set in(e). To define the closure A* F , we first define the partial closure 
A F of all vertices reachable from A through F in no more than k steps: 

Definition 9 For each weighted directed hypergraph ( V,E,in,out,w), each set 
A C V, each set F C E, and each non-negative integer k, let set A F be defined 
recursively as follows: 

1. A° f = A, 


14 





2. for any k > 0, 


4+ 1 =A k F U U out(f). 

{/£F | in(f)QA%} 

Figure [9] depicts a hypergraph where vertices are represented by circles and 
edges by ovals. We use arrows to indicate tails and heads of an edge. An 
arrow from a vertex to an edge indicates that the vertex is a tail of the edge, 
and an arrow from an edge to a vertex indicates that the vertex is a head of 
the edge. For example, m(ei) = {wi,u 2 } and out(e 1 ) = The same 

figure shows partial closures A° F = {ui,v 2 }, A l F = {-iq, u 2 , V 3 , tq}, and A 2 F = 
{v 1 ,v 2 ,v 3 ,v 4 ,v 5 ,v 6 }, where A = {ui,u 2 } and F = {ei,e 2 }. 



Figure 9: A F for A = {ui,u 2 } and F = {ei,e 2 }. 


Finally, we define closure A* F to be the union of all partial closures: 

Definition 10 A* F = Ufc>o^F- 

Next, we establish two properties of closures that are used later in the proof of 
the completeness for the hypergraph semantics. 


Lemma 4 For each set of vertices A C V and each set of edges F C E there 
is k > 0 such that A* F = A k F . 


Proof. By Definition [T] the set of all vertices V is finite. Thus, by Definition [9j 
chain A° F C A F C A F C ... is a non-decreasing chain of subsets of finite set V. 
Hence, there must exist k > 0 such that all sets in this chain starting with set 
A f are equal. Therefore, A* F = A F by Definition 10 Kl 
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Lemma 5 For each k > 0, each set of vertices A C V, and each set of edges 
F C E, there is a sequence A = Ax, fx, A 2 , / 2 , ■ • ■, A n _x, fn-i, A n = A k F such 
that 

1 . n > 1 , 

2. / 1 ,..., fn-i £ F are distinct edges, 

3. Ax, ..., A n _x, and A n are subsets of set V, 

4 . in(fi) C Ai, for each 1 < i < n, 

5. Aj U out(fi) = Ai + x, for each 1 < i < n. 

Proof. We prove this lemma by induction on k. If k = 0, then A k F = A by 
Definition [9] Therefore, the single-element sequence A is the desired sequence. 
For the induction step, assume that there is a sequence 

A = Ax, fx,A 2 , /*2, • • •, A r l _ 1 , f n -x,A n = A F 

that satisfies the conditions 1 through 5 above. Let gx , ■ • •, g m be all such 
edges g £ F that in{g) C A F and out(g) ^ A F . By the condition 5 above, 
the condition out(g) £j- A F implies that none of < 71 ,... ,g m is equal to any of 
/ 1 ,..., fn— 1 • Note that = A F U Ut=i ou t(gi) by Definition [9j Therefore, 
the two-line sequence 

A = Ax, fx, A 2 , f 2 , ■ ■ ■, A n _x, fn— 1 ? A n = A F , gx,A F U out(gx), 

m 

g 2 , A F U out(gx) U out(g 2 ), g 3 , ■ ■ ■, g m , A F U (J out(gi) = A k F +1 

i =1 


is the required sequence for k + 1 . 


6.2 Hypergraph Completeness 

In this section we define the hypergraph semantics of our logical system and 
prove the completeness of the system with respect to this auxiliary semantics. 
In other words, using statements defined in the beginning of Section [ 6 j we prove 
that the third statement implies the first one. The hypergraph semantics is 
specified in the following definition. Item 1 in this definition is the key part 
because it specifies the meaning of the atomic predicate A [> p B. Note that we 
use symbol t= for the satisfiability relation under the informational semantics 
discussed previously and IP for the satisfiability relation under the hypergraph 
semantics introduced here. 

Definition 11 For each hypergraph F[ = (V, E,in, out,w) and each formula 
ip £ $(C), the satisfiability relation H \\- ip is defined as follows: 

1. H IP A\> p B if there is a finite set F C E such that w(F) < p and B C A* F , 
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2. H lb ifHVfij}, 

3. H Ih i/) —$■ x tf H lb ill or H Ih i/j . 

The next theorem is the completeness theorem for the hypergraph semantics 
of our logical system. The proof of this theorem ends at the end of this section. 


Theorem 2 Let V be a set and ip £ $(V). If H Ih ip for each hypergraph H 
with set V as vertices, then b tp. 

Proof. Suppose that Y- <p. Let X be a maximal consistent subset of $(V) con¬ 
taining formula -tip. We define a hypergraph H = ( V., E, in, out, w) as follows. 
Let E be set {(A,p,B) | A \> p B £ X}. For each edge ( A,p,B) £ E, let 
in((A,p,B)) = A, out((A,p, B)) = B, and w{{A,p,B)) = p. In the corollary 
below and the three lemmas that follow, we establish basic properties of the 
hypergraph H needed to finish the proof of the completeness. 

Corollary 1 in{e) > u ,( e ) out(e) £ X for each e £ E. 

Lemma 6 AT A > p A* F for each finite F C E such that w(F) < p and for 
each set A C F. 

Proof. By Lemma |4j there must exist k > 0 such that A* F = A F . Thus, by 
Lemma [5j there is a sequence 

A = Ai, /i, A 2 , / 2 ) • • ■, A n — 1 , f n -i, A n = A* F (10) 


such that 


1 . n > 1, 

2. / 1 ,..., fn-i £ F are distinct edges, 

3. A±, ..., A n _ 1 , and A n are subsets of set V, 

4. in(fi) C Ai, for each 1 < i < n, 

5. Ai U out(fi) = A i+1 , for each 1 < i < n. 
Towards the proof of the lemma, we first show that 


X ^ An 


( 11 ) 


for each 1 < m < n. We prove this by induction on m. If m = 1, then A m = A 


due to the choice of sequence (10 1 . Thus, X \- A\> 0 A 1 by the Reflexivity axiom. 
Assume that X b A\> 


e: 


'- 1 w(fi) Arl 


. We need to show that X b A[>% 


A m+ 1 . Indeed, since f m £ F C E, then by Corollary [lj we have 

in(fm) >w{f m ) out(fm) £ X. 


(h) 
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Thus, 


A Arm A m: OUt(f m ) 

by the Augmentation axiom. Note that C A m due to the condition 4 

above. Hence, 

A b Am ^ w(fm) A m , Ollt(fm')• 

Also note that A m U out(f m ) = A m+ i by condition 5 above. Thus, 

A b Am Am+1 ■ 

Therefore, by the induction hypothesis and the Transitivity axiom, 


X\- A >J27L i w(fi) Am+i- 

This completes the proof of statement (11). To finish the proof of the 
lemma, note that the assumption w(F) < p implies w ifi) < P- Thus, 

b Al> p _j 2 n ~i w (f ) A by the Reflexivity axiom. At the same time, statement (11) 
for to = n asserts that X b A[> w (f) A n . Hence, by the Transitivity axiom, 

X b A f t«(/,)+E 7=1 w (fi) An ■ 

Therefore, A' b A\> p A* F due to the choice of 


In other words, A b A [> p A, 
sequence (10). 


Lemma 7 A[> p B £ X if and only if H lb A l> p B, for each sets A,BCV and 
each non-negative real number p. 


Proof. (=>). Suppose that A\> p B £ X. Then, (A,p,B) £ E by the choice of set 
E. Let F be the singleton set {(A,p,B)}. Note that w(F) = p, in({A,p,B)) = 
A = A *p, and, by Definition [ 9 ] and Definition 10 


B = out((A,p , B)) C (J out(f) C A l F C A* F . 

{f£F | in(f)QA%} 


Hence, B C A 
(•<=). Suppose that Hi lb At> p B. Then, by Definition 


F . Therefore, H lb A > p B by Definition fll 


11 


there is a finite F C E 


such that w(F) < p and B C A* F . Hence, b A* F [>o B by the Reflexivity axiom. 
Additionally, X b A [> p A* F by Lemma|6 Thus, A b A > p B by the Transitivity 


axiom. Therefore, A >„ B £ X due to t 


re maximality of the set A'. 


Lemma 8 if £ X if and only if H lb ip for each ip £ 4 > (R). 

Proof. We prove the lemma by induction on the structural complexity of for¬ 
mula ip. The case when ip is of form A x> p B follows from Lemma [7] The other 
cases follow from the maximality and consistency of set A and Definition El in 
the standard way. S3 


To conclude the proof of the theorem, note that assumption —up £ X implies 
that H lb (p by Lemma [8] and Definition 11 S3 


18 












7 Completeness theorem for the informational 
semantics 


In this section, we prove the completeness theorem for the informational se¬ 
mantics stated in the end of this section as Theorem [3] This result could be 
rephrased in terms of statements discussed in the beginning of Section [ 6 ] as: 
the second statement implies the first one. In the previous section, we have 
already shown that the third statement implies the first one. Thus, it suffices 
to prove that the second statement implies the third. In other words, we show 
that if formula ip is not satisfied by a hypergraph H , then it is not satisfied by 
an informational model Ih constructed from H. To prove this, we first describe 
how to construct an informational model Ih = {A,{D a }a<zAi II ' ||,£) based on 
a given hypergraph H = (V. E, in, out, w). 

Let A = V L> E. Recall that sets V and E are disjoint due to Definition [7] 


Definition 12 For any attribute a £ A 
follows: 


INI 


w{a), 

+ 00 , 


= V U E, the cost ||a|| is defined as 

if a £ E, 
if a £ V. 


We continue the construction with an auxiliary definition of a path on 
weighted hypergraph model H. It is convenient to distinguish two types of 
paths: paths that are initiated at a vertex and paths that are initiated at an 
edge. Note that paths of both types terminate at a vertex. 


Definition 13 A path initiated at vertex Vo is a finite alternating sequence of 
vertices and edges (vq, e\,V\, e- 2 ,..., e n , v n ) such that 

1 . n > 0, 

2 . Vk -i £ in(ek) for each 1 < k < n, 

3. Vk £ out(ek) for each 1 < k < n. 

For example, sequence (iq, ei, v±, e-i, vq) is a path initiated at vertex v\ in the 
hypergraph depicted in Figure [9j 

Definition 14 A path initiated at edge ei is a finite alternating sequence of 
vertices and edges {e\,v\, e%, ..., e n , v n ) such that 

1 . n> 1, 

2 . Vk -1 £ m(efe) for each 1 < k < n, 

3. Vk £ out{ek) for each 1 < k < n. 
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Sequence (ei, V 4 , e 2 ,ve) is a path initiated at edge e\ in the hypergraph depicted 
in Figure [9] 

To understand the rest of the construction of informational model Ih, let us 
consider an analogy between this construction and the informal document/folder 
model discussed in the introduction. The vertices of the hypergraph could be 
viewed as folders with multiple documents and directed edges show the process 
of the dissemination and the encryption of these documents between the folders. 
In our informational model, for the sake of simplicity, each document consists 
of just a single bit. For the hypergraph depicted in Figure [9j there might be 
a document (bit) x V6 initially stored in folder Vq. The value of this bit will 
be disseminated along various paths in the hypergraph and encrypted version 
of the document will be stored in different vertices (folders) along these paths. 
More specifically, the value of each bit stored in a vertex is disseminated against 
the direction of each edge leading to this vertex. In our example, because vertex 
Vq is a head of edge e2 whose tails are tq and iq, the encrypted value of x V6 is 
disseminated between these two tails. Namely, bit x Vg is represented as a sum 
of three bits k e2tV6 , x Vlt e 2tV6 and x V4ie2jV6 modulo two: 

x v B k e2Vg T x Vl&2 ^ Vg T x V4 ^ e2 ^ Vg (mod 2 ). 


One can think of bit k e2iV6 as an encryption key stored in edge e-i and bits 
x v ll e 2 ,v B and x v 4 ,e 2 ,v e as encrypted documents distributed between vertices iq 
and V4. Since vertex iq is not a head of any edge in the hypergraph depicted in 
Figure[9 the value of bit x Vl: e 2tV6 is only stored in vertex iq and not disseminated 
any further. At the same time, because vertex V 4 is a head of edge ei, the value 
of bit x V 4 : e 2tV6 is further distributed between tails of edge ei. It is represented 
as a sum of three bits k ei>v 4t e 2 ,v 6 , x v 1 ,e 1 ,v i ,e 2 ,v e and x v 2 ,e lt v 4 ,e 2 ,v 6 modulo two: 


Vv 4: e 2 ,VG — kei,v 4 ,e 2 ,v B 


l/ vi,ei,v 4 ,e 2 ,v B 


u v 2 ,ei,V4,e 2 ,Ve 


(mod 2 ). 


Again, one can think of bit Ay, ,v 4 ,e 2 ,v e as an encryption key stored at edge e\ and 
bits x vlieitV4ie2iV6 and %ii 2 ,ei,v 4 , e3 ,ve as encrypted documents distributed between 
vertices tq and V 2 - 

To summarize, informally, each edge in the hypergraph stores one encryption 
key corresponding to each path initiated at this edge. Vertices store encrypted 
documents as they are being disseminated along the paths. This intuition is 
captured in the two definitions below. 


Definition 15 For any attribute a € A = V U E, let domain D a be defined as 
follows: 

1. If a £ V, then D a is the set of all functions that map paths initiated at 
vertex a into set {0,1}. 

2. If a £ E, then D a is the set of all functions that map paths initiated at 
edge a into set {0,1}. 
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Definition 16 Let C be the set of all vectors (f a )a&A £ IIae .4 Ax such that for 
each edge-initiated path (ei, Vi,e2, ■ ■ ■, e n , v n ) , the following equation is satisfied: 

f e\ ( (^1 , V\ : ^ 2 7 7 7 Vn) ) “P ^ ^ fu ( (^j , V\ , 62 , • - • , C n , ) — 

fv 1 {(vi,e 2 ,...,e n ,v n )) (mod 2). (12) 

This concludes the definition of the informational model Ih = {A, {D a } a ^, || ■ 

II, C). 

Definition 17 Let 0 be the vector (f a )a£A such that f a = 0 for each a £ A. 

Lemma 9 0 £ C. 


Proof. 


Equation (12) holds for vector 0 because Q + J2 u ei n ( ei ) 0 = 0 (mod 2). 


The dissemination of encrypted information described above on the hyper¬ 
graph depicted in Figure [9] takes place from a head vertex of an edge to the tail 
vertices of the edge. This means that the bit stored at the head vertex could be 
determined based on the encryption key and the bits stored at the tail vertices. 
In other words, information flows in the direction that is opposite to the direc¬ 
tion of the edge, but the functional dependency exists in the same direction as 
the edge. This observation is the key to the understanding of the next lemma. 


Lemma 10 For any set of vertices AC V, any set of edges F C E, any k > 0, 
and any two vectors £\,£2 £ A if £ l =a,f £2 , then £\ =A k . £ 2 ■ 


Proof. We prove the lemma by induction on k. If k = 0, then Ap = A by 
Definition[9] Thus, assumption £\ =a,f £2 implies that £\ =a £2 by Definition 4 
Suppose that £\ = A k F £ 2 - We need to prove that £\ = A k + 1 £ 2 - By Definition 9 
it suffices to prove that £\ =b £2 for each e £ F and each b £ out(e), where 


in(e) C Ap. See Figure 10 



Figure 10: Illustration to Lemma [lOj 


Let £\ = (fa)aeA an< i £2 = {fa)a&A- It suffices to show that 
fb (( b 7 ei, vx ,..., e n , v n )) = fb((b, e lt v lt ..., e n , v n )) 
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for each path ( 6 , e i,Vi,... ,e n , v n ) initiated at vertex b. Indeed, by Definition 16 


fb(( b > e i,vi,...,e n ,v n )) = fl((e,b,e 1 ,v 1 ,... ,e n ,v n )) + 

e, &, ei, vi,..., e„, (mod 2 ). 

u£in(e) 


Recall that e £ F, and so, by Definition [4j assumption £-\ =a,f £ 2 of the lemma 
implies that t\ = e £ 2 . Hence, /* = / 2 . Then, 


/b((&) ei,Vi,... ,e n ,v n )) = f*((e,b,e i,v 1: ... ,e n ,v n )) + 

/u((' u > e Aei,vi,...,e„,'t; n )) (mod 2 ). 

u£in(e) 


By induction hypothesis, £\ =a l f £ 2 - Additionally, in{e) C by the choice of 
edge e. Thus, i\ =i n ( e ) £ 2 by Definition |4] Hence, /,( = ff for each u S *n(e). 
Then, 


/ b 1 (( 6 ,ei,ui,...,e n ,u ri )) = / e 2 ((e, 6 ,ei,ui,...,e n ,u ri )) + 

X! fu(( u i e , b , e i, v u---, e n,v n )) (mod 2 ). 

u£in(e) 


Therefore, / b (( 6 , ei, «i,..., e„, u n )) = / b (( 6 , ei, ui,..., e„, 
IE 


t'n)), by Definition 16 


Lemma 11 Tor any set of vertices AC V, any set of edges F C E, and any 
two vectors £\,£ 2 £ C, if £\ =a,f £2, then l\ =a* f £2- 

Proof. The statement of the lemma follows from Lemma flOl and Definition ITol IEI 


A cut (Hi, V 2 ) is a partition of the set of all vertices E. We consider cuts to 
be directed in the sense that (Hl, V 2 ) and {V 2l Hi) are two different cuts. 

Definition 18 An edge e £ E is called a crossing edge of a cut {Vi,V 2 ), if 
in(e) C Hl and out(e) (1V 2 7 ^ 0 . 

The set of all crossing edges of cut c = (Hi, V 2 ) is denoted by Cross(c). For 
example, edge ei is the only crossing edge of the cut c depicted in Figure El 
Generally speaking, cuts (Hl,H 2 ) and (H 2 ,Hi) have different sets of crossing 
edges. 


Lemma 12 For each c = (Hi,H2), if e £ Cross(c) and out(e ) fl H 7^ 0, then 
in(e) D H 2 7 ^ 0 . 


Proof. Suppose that in(e) fl H = 0. Then, in(e) C Hl. Thus, we have 


out(e) nb 2 /0 and in{e) C Hi. Therefore, e £ Cross(c) by Definition 18 
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Figure 11: CVoss(c) = {ei}, where c= ({t>i, v 2 , U 3 }, {« 4 , v 5 , w 6 }) 


Lemma 13 Ifc= (A* F , H\H£,), then Cross(c)r\F = 0, for each set of vertices 
A C V and each set of edges F C E. 

Proof. Suppose that there is an edge e £ F such that e £ Cross(c). Thus, 
in(e) C A* F and out(e ) D (V \ A* F ) ^ 0, by Definition 18 By Lemma|4j there is 
k > 0 such that A* F = A F . Hence, in(e) C A F . Thus, out(e ) C A^ff 1 by Defini¬ 
tion [ 9 ] Therefore, by Definition [lOj out{e) C A F , which yields a contradiction 
with outfe) ("I (V \ A* F ) ^ 0. H 


The next definition specifies the core construction in the proof of the com¬ 
pleteness by introducing the notion of a cut-limited inverted tree rooted at a 
vertex v. Informally, such a tree starts at vertex v and grows through the edges 
and vertices of the hypergraph. The tree is inverted because it grows in the 
direction against that of the edges. From each vertex, the tree brunches into 
each edge that has this vertex as a head. From each edge, the tree expands 
through only one of the tail vertices. Furthermore, if the edge is a crossing 
edge of the cut, then the tree does not expand from this edge at all. The tree 
can potentially loop through the hypergraph and be infinite. Figure [12] shows 
a cut-limited inverted tree rooted at vertex m. Note that this tree is inverted 
as it expands in the direction opposite to the direction of the edges. The tree 
is limited by cut (Hi, 14) and, thus, it does not continue through the crossing 
edge r of this cut. The tree brunches at vertex d and continues through edges 
r, s, and t of which vertex d is a head. Since the tree does not brunch at edges, 
edge y can only expand either through tail h or through tail k. The inverted 


tree depicted in Figure 12 expands through tail h. 

The next definition specifies the notion of a cut-limited inverted tree. We 
formally represent tree as a collection of paths. 

Definition 19 For any cut c = (Hi, V 2 ), c-limited inverted tree rooted at vertex 
v £ V 2 is any minimal set of paths T such that 

1. ( v ) £ T, 

2. for each vertex-initiated path (vo,ei,Vi,e±,... ,e n ,v n ) £ T and edge eo £ 
E such that uq £ out(e 0 ), we have (eo, i’o, ei, v\, e \,..., e n , v n ) £ T, 
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Figure 12: A cut-limited inverted tree rooted at vertex m. 


3. for each edge-initiated path (ei, Vi, ei,..., e n , v n ) £ T if e\ £ Crossed) 
then there is exactly one vq G in(e i)flt4 such that {vq, ei, Vi, e ±,..., e n , u„) G 
T. 

Because set T in the above definition is required to be a minimal set satisfying 
the given conditions, all paths in this set terminate with the vertex v at which 
the tree is “rooted”. 

Lemma 14 For any cut c = (14, 14) and any v G 14 there is a c-limited inverted 
tree rooted at vertex v. 

Proof. We recursively construct an infinite sequence of sets of paths T 0 , Ti, T 2 ,..., 
whose vertices are all in set 14, as follows: 

1. T 0 = {<«>}. 

2. For each k > 0, let 

T 2 fc+i = {(e, vi, ei,.. .,v n ,e n ,v) | (iq,ei,.. .,v n ,e n ,v) G T 2k ,v i G out(e)}. 

3. For each path 7r = (eo, v\, e \,..., v n , e n , v) G T 2 fe+i such that eg Cross(c), 
choose any vertex u G in(e o) H 14- Since Vi G outfe o) D 14, such vertex 
u exists by Lemma [12] Construct a path (u,eo,vi,ei,... ,v n ,e n ,v). Let 
T 2k +2 be the set of all paths constructed in such a way, taking only one 
path (and only one vertex u) for each path n. 

Let T = IJ i>0 Tj. SI 
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Lemma 15 For any cut c = (V), V 2 ), any c-limited inverted tree rooted at vertex 
v £ V 2 , and any n £ T, all vertices in path it belong to set V 2 . 

Proof. The statement of the lemma follows from condition 3 of Definition [19] 
and the minimality condition on T of the same definition. IEI 


The next lemma shows that two vectors can agree on a large set of attributes 
while not being equal on all attributes. 


Lemma 16 For any vector (f a )aeA G A any cut c = (Vi, V 2 ), and any b £ V 2 , 
there is a vector {f' a ) a ^A G £ such that 

L f'u = fu for each u £ Vi, 

2. f' e = f e for each e £ E \ Crossed), 

3. n ? f b - 


Proof. By Lemma [llj there exists a c-limited inverted tree T rooted at vertex 
b £ V 2 . Define vector ( f' a )aeA as follows: 


/«W 


! 1 + f a ( 7r), if a £ V and 7 r £ T, 
l + ZaM, if a £ Cross(c) and 7 r £ T, (mod 2), (13) 

fa (tt ), otherwise, 


where 7 r is a path initiated at a. 


Claim 1 (/') 


a£A 


£ C. 


Proof. We need to show that vector {f^a^A satishes equation (12) of Defini¬ 
tion [16] for each edge-initiated path. There are three cases that we consider 
separately: 



Figure 13: Case I 



Case I: path (ei,iq,e 2 , 
Definition 19 path (vi, 


ther do paths (u,e i,ui, 


...,e n , v n ) does not belong to tree T. In this case, by 
62 , ■. ■ ,e n , v n ) does not belong to tree T either. Nei- 
e 2 ,... ,e n ,v n ) for each u £ in(e 1 ). Thus, according to 
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definition ( 131 


f ei ({ei, y i,e 2 , ■ ■ 

• ? 5 ) ) H” ^ ^ 

uGin(e i) 

fL({ U > e li V li e 2 , ■ ■ 

• 7 ^n) ) 

= f ei ((ei,vi,e 2 ,.. 

• ?^n)) + ^ ^ 

u£in(e i) 

fu((u,e i,vx,e 2 ,.. 

• ? ^n))• 

Since ( f a )aeA £ £, by Definition [ 16 } 



fe x (( e lj v l, e 2, • 


fu((u,e i,v 1 ,e 2 ,.. 

••5 ^ni Vn) ) 


u£in(e i) 

= f Vl ((vI,e2,...,e n ,v n )) (mod 2). 

At the same time, since path (v\, e2, ■ ■ ■, e„, v n ) does not belong to tree T, 


by definition we have f Vl ((vi,e 2 ,... ,e n ,v n )) = f' Vl ((ui, e 2 ,. e n , v n )). 
Therefore, 

/ei(( e i,vi,e 2 ,...,e n ,u„))+ ^ f' u ((u,e 1 ,v 1 ,e 2 ,... ,e n ,v n )) 

u£in(e i) 

= • • • > e ra, u n)) (mod2). 



Case II: path (ei, r>i, e2,..., e n , u n ) belongs to tree T and ei £ Cross(c). It 
follows from Definition 19 that path {v±,e 2 ,... ,e n ,v n ) belongs to tree T as 
well and that path {u,e i,Vi,e 2 ,... ,e n , v n ) does not belong to tree T for each 
u £ m(ei). Hence, by definition 

f ei ({e i,vi,e 2 ,...,e n ,v n )) + ^2 fi({u,ei,v 1 ,e 2 ,...,e n ,v n )) 

uEin(ei) 

= f ei ((ei,vi,e 2 ,...,e n ,v n )) + l+ ^ fu((u,e i,vi,e 2 ,... ,e n ,v„)) (mod 2). 

u(zin(e i) 

Since ( f a )aeA e £, by Definition [l6j 

/ ei ((e i,t>i,e 2 ,...,e n ,i>„))+ ^ fu((u,e 1 ,v 1 ,e 2 ,... ,e n ,v n )) 

u£in(e i) 

= f Vl ({vi,e 2 ,... ,e n , v n )) (mod 2). 


26 









At the same time, since path (vi,e 2 , ■ ■ ■ ,e n ,v n ) belongs to tree T, by defini¬ 
tion (O) we have f' Vl ({vi, e 2 ,..., e n , v n )) = f Vl ({vi,e 2 , ■ ■ ■ ,e n ,v n )) + l (mod 2). 
Therefore, 


f ei (( e i,fo,e 2 ,...,e„,v n ))+ Y f u ((u,e i,v 1 ,e 2 ,... ,e n ,v n )) 

u£in(e 1) 

= fv 1 ((vi,e2,... ,e n , v n )) + 1 = fv 1 (( v U e 2, ..., e„, v n )) (mod 2). 



Figure 15 : Case III 


Case III: path (ei, v\, e2,..., e„, u„) belongs to tree T and and ei ^ Cross(c). It 

, u„) belongs to tree T as well 

5 Vri) 


follows from Definition 19 that path (iq, e2, 


and that there is a unique uq G m(ei)flV2 such that path («o, ei, Vi, e2,..., e„ 
belongs to tree T. Hence, by definition 


f' ei {{e i,vi,e 2 > ...,e n ,v n ))+ Y f l ll ((u,e 1 ,v ll e 2 ,... ,e n ,v n )) 

u£in(e i) 

= f' ei {(ei,vi,e 2 ,...,e n ,v n )) + f^ o ((u 0 , e lt v lt e 2 ,..., e„, v n )) + 

Y /«((fo e i,vi,e 2 ,...,e n ,v n )) 

uem(ei)\{u 0 } 


= / ei ((ei,ui,e 2 ,.. .,e n ,v n )) + (f Uo {(u 0 ,ei,vi,e 2 , ■ ■ -,e n ,v n )) + 1) + 

Y fu((u,e 1 ,v 1 ,e 2 ,...,e n ,v n )) 
uSm(ei)\{u 0 } 


= / ei ((ei,r>i,e 2 ,... ,e„,u„)) + 1+ 

Y fu((u,e 1 ,v 1 ,e 2 ,-..,e n ,v n )) (mod 2). 

u£in(e i) 

Since ( f a )aeA £ £, by Definition [Te] 

f ei ((ei, ui, e 2 ,..., e„, v„)) + ^ f u ((u,e 1 ,v 1 ,e 2 ,... ,e„,v n )) 

u€in(e i) 

= f Vl ((vi,e 2 ,... ,e„, v n )) (mod 2). 


27 






At the same time, f' Vl ((vi, e 2 , ■.., e n , v„)) = f Vl ((v 1 ,e 2 ,... ,e n ,v„)) + l (mod 2) 
by definition © since path (ui, e 2 , ■ ■ ■, e„, v n ) belongs to tree T, 

f' ei ((e i,vi,e 2 ,...,e„,v n ))+ ^ f' u ((u,e 1 ,v 1 ,e 2 ,... ,e n ,v n )) 

u£in(e 1 ) 

= fv 1 ({vi,e 2 ,...,e n ,v n }) (mod 2). 

This concludes the proof of the claim. E 


Claim 2 f u = f u for each u £ V\. 


Proof. Consider any vertex u £ V\. Recall from Definition [To] that the domain 
of function f u is the set of all paths starting at vertex u. By Lemma EL none 
of these paths belongs to tree T. Therefore, f u = f u due to definition (13 1 . IEI 


Claim 3 f' e = f e for each e £ E \ Cross(c). 


Proof. The statement of the claim follows from definition (131. 


Claim 4 f!^ f b . 


Proof. By Definition 19 the single-element path (b) belongs to tree T. Thus, 
fb((b}) = 1 + f b ((b)) due t° definition (13). Therefore, /£ ^ fb- El 


This concludes the proof of the lemma. 


Lemma 17 H IP A B if and only if Ih P A O p B , for each A,BQV and 
each non-negative real number p. 


Proof. (=4>). Suppose that H IP A t> p B. Then, by Definition 
subset F C E such that w(F) < p and B C A* F . By Definition 


11 


12 


there is a 
inequality 


w(F) < p implies that ||F|| < p. Thus, by Definition |6j it suffices to show that 
for any two vectors i\,( 2 £ £, if £\ =a,f £ 2 , then £\ =b £ 2 , which, in turn, 
follows from statement B C A* F and Lemma 11 

(<S=). Assume that B. Thus, by Definition[ 6 j there isFCA = VL)E 

such that ||F|| < p and for all l\,i 2 £ £, if £\ =a,f £ 2 , then t\ =b £ 2 - Note that, 
by Definition [l2j ||F|| < p implies that F C E and w{F ) < p. Suppose now 
that Ft IP A [> p B. Thus, B £j- A F , by Definition 11 Hence, there is b £ B such 
that b A* F . To finish the proof of the lemma, it suffices to construct £\,£ 2 £ £ 
such that i\ =a,f £2 and £\ 7 ^ t 2 . Consider cut c = ( A* F ,E \ A* F ). Let l\ be 
vector 0 £ C. By Lemma 16 there is vector £ 2 such that £\ =A* F ,E\Cross(c ) £ 2 , 


and t\ 7^6 £ 2 . Note that AT C A* F by Definition [To| and Definition [9] Thus, 


£\ =A,E\Cross(c ) £- 2 - By Lemma 13 we have Cross(c) D F = 0. In other words, 


F C E\ Cross(c). Therefore, £\ =a,f £ 2 - 
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Lemma 18 H lb ip if and only if Ih b ip, f or each p £ <f>(I/). 

Proof. We prove the lemma by induction on the structural complexity of for¬ 
mula ip. The base case is shown in Lemma [T7j The induction step follows from 
the induction hypothesis, Definition 0 and Definition [6| Kl 

In the preceding part of this section, given any hypergraph H , we con¬ 
structed a corresponding informational model Ih and proved properties of this 
informational model. Next, we state and prove the completeness theorem for 
the informational semantics. 

Theorem 3 For each set A and each formula p £ $(.4.), */ I t= p for each 
informational model I = (A , {D a } a& y i, || • ||,£), then b <p. 

Proof. Assume that Y- p. By Theorem[2j there is a hypergraph H = (V, E, in, out, w) 
such that p £ <fr(V) and H lb p. Therefore, Ih Y p by Lemma [l8| E3 


8 Completeness theorem for the finite informa¬ 
tional semantics 


In the previous section, we have shown the completeness of our logical system 
with respect to the informational semantics. In Definition |3j we introduced the 
notion of a finite informational model as a model in which each attribute has 
a finite cost. In this section we prove the completeness of our logical system 
with respect to the class of finite models. This is achieved by showing how any 
(potentially infinite) informational model could be converted to a finite model 
through the construction described below. 


Definition 20 For any non-negative real number r and any informational model 
I = (A, {D a } aGA , || • ||, £), let I r be tuple (A, {D a } a&A ,\\ ■ || r ,£), where 


IN, if\\c\\<r, 
r, otherwise. 


for each attribute c £ A. 

Corollary 2 For any non-negative real number r and any informational model 
I, tuple I r is a finite informational model. 

Corollary 3 ||c|| r < ||c||, for each non-negative real number r, each informa¬ 
tional model I = (A, {D a } a £ A , || • ||,£), and each attribute c £ A. 

Definition 21 For any p £ | f > (A), let rank(p) be defined recursively as follows: 

1. rank(A \> p B) = p, 
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2. rank^ip) = rank(ip), 

3. rank{ip —> %) = max(rank(ip),rank(x))■ 

Lemma 19 If rank(tp) < r, then I r t= ip if and only if 1 1= ip. 


Proof. We prove the lemma by induction on the structural complexity of formula 
ip. The inductive step immediately follows from Definition[6j Now, suppose that 
formula tp has form A > p B. 

(=>) If V t= A B 1 then, by Definition |6j there is a set C C A such that 
(i) ||C , || T ’ < p and (ii) for each t\,ti S £ if £\ =a,c £ 2 , then I\ —b £ 2 ■ From 
condition (i), Definition |21| and assumption rank(ip) < r of the lemma, 

\\C\\ r < p = rank(ip) < r. (14) 


Hence, ||c|| r < ||C|| 7 
we have llcll 


20 


tion 


statement (14), 


< r for each c S C, by Definition [5j Thus, by Defini- 
Then, by Definition [ 5 ] and the first inequality in 


= c 


lie'll = 


oec 


c = 


cec 


icir = iicir< P . 


By Definition [bj the inequality ||C|| < p together with condition (ii) above 
implies that 1 1= A [> p B. 

(•<=) If / 1= A t> p B, then, by Definition |6j there is a set C C A such that 
(iii) He'll < p and (iv) for each l\,ti £ £ if £1 =a,c £2 , then l\ =b £2- By 
Definition [S| Corollary [3j and again Definition [5] 


iict = Eii c ir^E ii c ii = lie'll- 

cec cec 


This along with condition (iii) implies that ||C|| r < p. Therefore, by Definition[6] 
and condition (iv), we have I r 1= A > p B. IEI 


We next state and prove the completeness theorem for the class of finite 
informational models. 

Theorem 4 If I t= ip for each finite informational model I = (A, {D a } ag ^, || • 
||, C) such that ip £ < F(^l), then h ip. 

Proof. Suppose that Y- ip. Thus, by Theorem [3j there is an informational model 
I = (A, {D a } a( zA, || • ||, £) such that I Y tp. Pick any r such that rank(p) < r. 
Then, I r Y tp by Lemma [19] IE 


9 Conclusion 


In this article we introduced a notion of the budget-constrained dependency 
that generalizes the notion of functional dependency previously studied by [A rm-] 
strong 1974 . We propose a sound and complete axiomatization that captures 
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the properties of the budget-constrained dependency. Although the axioms of 
our system are generalizations of the original Armstrong’s axioms, the proof 
of the completeness for our system is significantly more complicated than its 
Armstrong’s counterpart. 
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